Abstract
We can obtain a great deal of information from networks, but at the same time we face a growing number of problems, including those related to network security. Detecting network anomalies by the applications that generate them plays an important role in network security, and the quality of such detection systems depends strongly on the detection algorithms they employ. Improving the performance of these algorithms is therefore an important issue. In this paper, we design a new algorithm, which we call the support vector machine based on the restricted Boltzmann machine (SVM-RBM), to detect network anomalies. The challenges for this algorithm are feature pre-processing and the speed of model training. We use an unsupervised algorithm, the restricted Boltzmann machine (RBM), to extract useful features from the data sets, and we train the support vector machine (SVM) classifier with the gradient descent algorithm on Spark to keep the running time short. Moreover, we explore the number of hidden units to improve the performance of SVM-RBM. We also find that the learning rate affects the SVM, so an appropriate value must be chosen.
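The pipeline the abstract describes, as an added example that is not the authors' code: an RBM trained without labels by one-step contrastive divergence supplies hidden-unit features, and a linear SVM is trained on them by gradient descent on the hinge loss. Plain single-process Python stands in for Spark here, and the six binary flow features, the noise level, the hidden-unit count and both learning rates are assumptions chosen for illustration.

```python
# Added example: RBM features feeding a linear SVM; all data and settings are constructed.
import math
import random

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, x))))

def hidden_probs(v, W, c):  # P(h_j = 1 | v): the RBM feature vector for one sample
    return [sigmoid(cj + sum(w * x for w, x in zip(Wj, v))) for Wj, cj in zip(W, c)]

def train_rbm(data, n_hidden, lr=0.1, epochs=200, seed=0):  # CD-1, labels never used
    rng = random.Random(seed)
    W = [[rng.gauss(0, 0.1) for _ in data[0]] for _ in range(n_hidden)]
    b, c = [0.0] * len(data[0]), [0.0] * n_hidden
    for _ in range(epochs):
        for v0 in data:
            p0 = hidden_probs(v0, W, c)
            h0 = [1.0 if rng.random() < p else 0.0 for p in p0]
            v1 = [sigmoid(bi + sum(Wj[i] * h for Wj, h in zip(W, h0))) for i, bi in enumerate(b)]
            p1 = hidden_probs(v1, W, c)
            for j in range(n_hidden):
                c[j] += lr * (p0[j] - p1[j])
                W[j] = [w + lr * (p0[j] * a - p1[j] * r) for w, a, r in zip(W[j], v0, v1)]
            b = [bi + lr * (a - r) for bi, a, r in zip(b, v0, v1)]
    return W, c

def train_svm(X, y, lr=0.05, lam=0.001, epochs=200):  # SGD on L2-regularised hinge loss
    w, bias = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for x, label in zip(X, y):
            margin = label * (sum(a * xi for a, xi in zip(w, x)) + bias)
            w = [a * (1 - lr * lam) for a in w]
            if margin < 1:  # inside the margin or misclassified
                w = [a + lr * label * xi for a, xi in zip(w, x)]
                bias += lr * label
    return w, bias

def make_flows(n, seed):  # constructed data: 6 binary flow features, 5% bit-flip noise
    rng = random.Random(seed)
    base = {-1: [1, 1, 1, 0, 0, 0], 1: [0, 0, 0, 1, 1, 1]}  # -1 normal, +1 anomalous
    labels = [-1 if k % 2 == 0 else 1 for k in range(n)]
    flows = [[float(bit ^ (rng.random() < 0.05)) for bit in base[y]] for y in labels]
    return flows, labels

def run_demo(n_hidden=4, svm_lr=0.05):
    (train_x, train_y), (test_x, test_y) = make_flows(60, 1), make_flows(40, 2)
    W, c = train_rbm(train_x, n_hidden)
    w, bias = train_svm([hidden_probs(v, W, c) for v in train_x], train_y, svm_lr)
    score = lambda v: sum(a * x for a, x in zip(w, hidden_probs(v, W, c))) + bias
    return sum((score(v) > 0) == (t > 0) for v, t in zip(test_x, test_y)) / len(test_y)
```

`run_demo` returns held-out accuracy; calling it with different `n_hidden` and `svm_lr` values is the kind of sweep the abstract refers to when it mentions hidden units and learning rate.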
Ethics declarations
Conflict of interest
We declare that we have no financial and personal relationships with other people or organizations that can inappropriately influence our work, there is no professional or other personal interest of any nature or kind in any product, service and/or company that could be construed as influencing the position presented in, or the review of, the manuscript entitled.
Additional information
Communicated by V. Loia.
About this article
Cite this article
Yang, J., Deng, J., Li, S. et al. Improved traffic detection with support vector machine based on restricted Boltzmann machine. Soft Comput 21, 3101–3112 (2017). https://doi.org/10.1007/s00500-015-1994-9
DOI: https://doi.org/10.1007/s00500-015-1994-9